Determining the Image Status on the Host
While connected to the Enforcer host, use the following command to determine whether or not the images on the system are seen by the Enforcer as:
Command: /opt/aquasec/slk images show -a
$ /opt/aquasec/slk images show -a IMAGE NAME IMAGE ID LOCAL DIGEST SERVER DIGEST IMAGE PROFILE STATUS alpine:latest 196d12cf6ab1 32293403fd90 32293403fd90 registered alpinesecrets:latest c67dd1eb6034 32293403fd90 32293403fd90 registered amazon/amazon-ecs-agent:latest 6d5108578d35 1e930fb9a23d 1e930fb9a23d registered, blocked amazon/amazon-ecs-agent@sha256:d8708ef2e fec2b2925d04 fb9ba4d99ddf unregistered
The images on lines 3 and 4 have been registered and scanned by Aqua. They are approved to run either by a whitelist, or they are not in violation of an Image Assurance policy.
The image on line 5 has been registered and scanned by Aqua, but this image is in violation of a policy, and therefore it is blocked.
The image on line 6 has not been scanned by Aqua. If the Image Assurance policy has been configured to block unknown/unregistered images, then this image would be blocked.
Did you find it helpful?Send feedback